Another scam to steal Twitter users' credentials is making the rounds today. The tweets being sent out read: "Twitter might start to charge in October, sign this petition to keep the service free! -URL-."

The official Twitter account, @safety, has warned users about the threat, and it appears that the Twitter team is having partial success extinguishing this one. Here is an example of the block page I received when attempting to visit one of the URLs.

Unfortunately, it did not take me long to find the original destination dressed up behind several different URL shorteners. This one still seems to be making the rounds to some extent.

Remember, folks: rather than click those short URLs, you can always expand them first at longurl.org. If you expanded this one you would see that it eventually takes you to ltittier -dot- com, which was registered on a Chinese DNS server at three minutes past midnight this morning.
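The expansion that longurl.org does for you can also be scripted, so you can see every hop in the chain without ever loading the final page. The following is an added example, not code from the post or from Sophos: it follows redirects one HEAD request at a time (so the destination's page body and any script it carries are never downloaded), resolves relative Location headers, gives up on loops, and compares the final hostname against an exact allowlist rather than a substring match. The shortener hosts and the redirect table are constructed for the demo, the allowlist of legitimate Twitter login hosts is my assumption, and live_fetch() is the drop-in that performs real HEAD requests.

```python
"""Expand a shortened URL one redirect hop at a time and vet the final host.

The fetch step is injected so the same logic runs offline against a
constructed redirect table (below) or against real HEAD requests via
live_fetch(). Added example; not the post's or Sophos' code.
"""
import http.client
import urllib.parse

# Assumption for the demo: the hosts a genuine Twitter login page lives on.
LEGIT_HOSTS = {"twitter.com", "www.twitter.com"}


def host_of(url):
    """Lower-cased hostname of a URL ('' if it has none)."""
    return (urllib.parse.urlsplit(url).hostname or "").lower()


def expand_url(url, fetch, max_hops=10):
    """Return the full redirect chain starting at url, first entry included.

    fetch(url) must return the Location header of a 3xx response, or None
    when the URL answers with a non-redirect status. Relative Locations are
    resolved against the URL that issued them. More than max_hops redirects
    is treated as a loop and raises RuntimeError.
    """
    chain = [url]
    for _ in range(max_hops):
        location = fetch(url)
        if location is None:
            return chain
        url = urllib.parse.urljoin(url, location)
        chain.append(url)
    raise RuntimeError("redirect chain exceeded %d hops: %s" % (max_hops, chain))


def is_legit_destination(url, legit_hosts=LEGIT_HOSTS):
    """True only if the host is exactly on the allowlist.

    Substring checks are deliberately avoided: 'twitter.com.evil.example'
    contains 'twitter.com' but is not Twitter, and a look-alike such as
    'ltittier.com' fools a human while never matching an exact-host allowlist.
    """
    return host_of(url) in legit_hosts


def live_fetch(url, timeout=10):
    """One HEAD request that does NOT follow redirects; returns Location or None."""
    parts = urllib.parse.urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    try:
        conn.request("HEAD", path, headers={"User-Agent": "url-expander/0.1"})
        resp = conn.getresponse()
        if 300 <= resp.status < 400:
            return resp.getheader("Location")
        return None
    finally:
        conn.close()


# Constructed redirect table (assumed hosts, not observed infrastructure):
# two shorteners in front of the look-alike domain named in the post, plus
# one short link that really does land on Twitter. Keys that are missing
# answer with a non-redirect status.
CONSTRUCTED_REDIRECTS = {
    "http://short.example/k3j": "http://other-short.example/9xq",
    "http://other-short.example/9xq": "http://ltittier.com/",
    "http://ltittier.com/": "/login?session=timeout",  # relative Location
    "http://short.example/ok": "https://twitter.com/login",
}


def constructed_fetch(url):
    return CONSTRUCTED_REDIRECTS.get(url)


def vet(url, fetch=constructed_fetch):
    """Expand url; return (chain, verdict) with verdict 'ok' or 'suspicious'."""
    chain = expand_url(url, fetch)
    return chain, ("ok" if is_legit_destination(chain[-1]) else "suspicious")


if __name__ == "__main__":
    for start in ("http://short.example/k3j", "http://short.example/ok"):
        chain, verdict = vet(start)
        print(verdict.upper(), " -> ".join(chain))
```

Running the module prints both constructed chains with their verdicts; to resolve a real short link, call vet(url, fetch=live_fetch). The exact-host allowlist is the important design choice: anything not on it, including hosts that merely contain "twitter", is reported as suspicious for a human to look at.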

The site is a near-perfect duplicate of the real Twitter login page, and it masquerades as a message that your session has timed out: you will need to "reauthenticate", and in doing so you hand your credentials straight to the criminals.

At least one Twitter user seems to be having some fun with this and has produced her own version of the scam. Earlier this morning @trojankitten posted: "Twitter might start charging in October, a petition is picking up speed to keep it free. -URL-."

If you click the short link, you are redirected a few times and end up on a pastie.org page that reads:

"Hi,
This is Trojan Kitten. Twitter won't "start charging in October," but there's yet-another-twitter-malware, which will send tweets like these from your account, once you're affected:

"Twitter might start to charge in October, sign this petition to keep the service free! link.here/to-malware" "Twitter is going to charge now? read this article on twitter :( link.here/to-malware"

And since you see the text you're currently reading, you could've been affected: you clicked the link. I don't actually blame the users. So let's blame Twitter for its loose control on apps (in terms of security)."

If you have been hit by this scam, change your Twitter password immediately. It would also be prudent to log in and revoke access for every application connected to your account, since a third-party app that the criminals authorized will keep working even after the password is changed.

You will need to reauthorize each Twitter-enabled program the next time you use it, but your account will be safer for it.

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics.
You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.